We hear them in many cyber security presentations. They are so integrated into marketing campaigns, websites, interviews and product pitches that they have effectively become a universally agreed upon "truth". Cyber security myths. Not only are they incorrect but they can be downright dangerous.
In this session we will take several of these extremely popular "truths", explain their origin and how they got to where they are today and then, more importantly, bust these myths using examples from security incidents and recent security research. “Attackers need to be right just once and the defenders need to be right all the time”? “More security products mean better security”? “You don’t have to out run the bear you just have to outrun your friend”? “Sophisticated threat actors use sophisticated tools”? I don’t think so…